-34- 
Claims 



1 1 . A security server system that securely qualifies the execution of programs 

2 within a community of networked host computer systems, said security server 

3 system comprising: 

4 a) a database storing sets of pre-qualified program signatures and 

5 defined policy rules associating execution permission qualifiers with execution 

6 control values; and 

7 b) a processor coupled to said database and including a memory 

8 storing a control program and a communications network interface coupleable 

9 to a community of one or more host computer systems, said processor operative 

10 to execute said control program in response to execution requests received via 

1 1 said communications network interface from identifiable host computer systems 

1 2 within said community, wherein a predetermined execution request received from 

13 a predetermined host computer system includes an identification of a program 

14 load request, request context related data, and a secure program signature, 

15 execution of said control program providing for determination of an execution 

16 control value based on an evaluation of said predetermined execution request 
1 7 relative to said sets of pre-qualified program signatures and defined policy rules, 

18 whereby return of said execution control value to said predetermined host 

19 computer system securely qualifies the execution of the program identified with 

20 said program load request. 

1 2. The security server system of Claim 1 wherein each identifiable host 

2 computer within said community includes an local operating system, said security 
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3 server system further comprising a module implemented on each identifiable host 

4 computer system within said community in combination with said local operating 

5 systems, said module, responsive to said program load request, being operative 

6 to generate said predetermined execution request, said module, responsive to an 

7 execution request response including said execution control value, being operative 

8 to permit or deny said program load request. 

1 3. The security server system of Claim 2 wherein execution of said control 

2 program provides for the lookup of said secure program signature in said 

3 database to identify a resource reference that is evaluated with said 

4 predetermined execution request to determine said execution control value. 

1 4. The security server system of Claim 3 wherein said predetermined 

2 execution request includes authentication data and access attributes determined 

3 from said local operating system relative to said program load request. 

1 5. The security server system of Claim 4 wherein execution of said control 

2 program provides for the selection of a default resource reference on a failure of 

3 the lookup of said secure program signature in said database, said default 

4 resource reference being evaluated with said predetermined execution request to 

5 determine said execution control value. 

1 6. The security server system of Claim 5 wherein said execution control value 

2 provides a specification to permit or deny said program load request and wherein 
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said specification to permit is selectively qualifiable to include predetermined 
execution limitations including first limitations on said program load request. 



1 7. The security server system of Claim 6 wherein said predetermined 

2 execution limitations include second limitations on the execution of the program 

3 identified with said program load request. 

1 8. The security server system of Claim 7 wherein said module, responsive to 

2 said execution control value, is operative to implement said predetermined 

3 execution limitations. 

1 9. A security server system that securely controls load execution of programs 

2 on a host computer system, said security server system comprising: 

3 a) a module installed as a component of a host computer system, 

4 said module operative relative to an operating system executed by said host 

5 computer system to intercept system calls to load an execute program for 

6 execution, said module further operative to generate a security request containing 

7 a predetermined load request, associated authentication data and access 

8 attributes and a target secure program signature of an executable program 

9 identified by said predetermined load request; and 

1 0 b) a security server, responsive to said security request, including a 

1 1 first database of pre-qualified secure program signatures and a second database 

1 2 of policy rules associating defined load requests, authentication data, and access 

13 attributes with predetermined pre-qualified secure program signatures, said 

1 4 security server further including a control program operative to parse said policy 
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15 rules relative to said security request and generate a security request response 

16 reflective of a match between said security request and a corresponding one of 

1 7 said policy rules. 

1 10. The security server system of Claim 9 wherein said module is responsive 

2 to said security request response to enable completion of said predetermined load 

3 request by said operating system. 

1 11. The security server system of Claim 10 wherein said control program is 

2 operative to lookup said target secure program signature in said first database to 

3 obtain a resource reference, wherein said control program is operative to lookup 

4 said predetermined load request, associated authentication data and access 

5 attributes, and said resource reference in said second database to identify an 

6 applicable set of policy rules, and wherein said control program is operative to 

7 generate said security request response based on said applicable set of policy 

8 rules. 

1 12. The security server system of Claim 1 1 wherein said applicable set of policy 

2 rules includes a default policy rule corresponding to a lookup failure of said target 

3 secure program signature in said first database. 

1 13. The security server system of Claim 9 wherein said module and security 

2 server are interconnected by a communications network through which said 

3 security request is transmitted. 
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1 14. A method of securing the execution of programs on a host computer 

2 system comprising the steps of: 

3 a) intercepting, on a host computer, a load request for the execution 

4 of a program; 

5 b) determining authorization data and access attributes associated 

6 with said load request; 

7 c) generating a secure signature for said program; 

8 d) providing a security request, including an identification of said 

9 load request, said authorization data and access attributes and said secure 

10 signature, to a security server, wherein said security server, in secure isolation 

1 1 from said host computer system, evaluates said security request and returns a 

1 2 security request response; and 

1 3 e) selectively enabling performance of said load request dependent 

14 on said security request response. 

1 1 5. The method of Claim 1 4 wherein said security server performs the steps of: 

2 a) evaluating said security request to determine whether said secure 

3 signature matches any of a plurality of predetermined secure signatures 

4 maintained in a first database by said security server and whether said 

5 identification of said load request and said authorization data and access 

6 attributes match any of a plurality of policy rules maintained in a second database 

7 by said security server; and 

8 b) generating said security request response dependent on said step 

9 of evaluating. 
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1 1 6. The method of Claim 1 5 wherein said security server further performs the 

2 step of parsing a policy rule identified by said step of evaluating to implement the 

3 policy operation identified by said policy rule, wherein said step of generating said 

4 security request response is further dependent on said step of parsing. 

1 1 7. The method of Claim 1 6 wherein said step of generating identifies in said 

2 security request response a control directive having at least the possible values of 

3 deny, enable, and enable subject to limitations. 

1 18. The method of Claim 17 wherein said step of selectively enabling 

2 performance includes the step of constraining execution of said program 

3 dependent on said control directive. 
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